ESMPROC fails with RC=0100, with message "java.io.IOException: Failed validating certificate paths" in the logs

Document ID : KB000125393
Last Modified Date : 28/01/2019
Show Technical Document Details
Issue:
ESMPROC is failing with CC=100 and error message:

12:31:53.581 .main. INFO org.apache.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ."http-nio-7100".
12:31:53.646 .main. INFO org.apache.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ."http-nio-7100".
12:31:54.300 .main. INFO com.ca.sslsocket.CASSLImplementation - keyStoreFile name is safkeyring://ESMSERV/MESMRING
12:31:54.552 .main. ERROR org.apache.coyote.http11.Http11NioProtocol - Failed to start end point associated with ProtocolHandler ."http-nio-7100". java.io.IOException: Failed validating certificate paths

The problem is that ESMPROC is unable to validate the authenticity of server certificate and fails to start, throwing the IOException in its logs.
Cause:
The signing certificate chain:

#1.  Cannot be found; or 
#2.  Is ambiguous 

in the keyring or cert stores being searched.  
Resolution:
1.  (Cause #1) If you used your own signing certificate chain to generate the certificates for ESMPROC, all root and intermediary signing certificates must also be connected as CERTAUTHs to the keyring for ESMPROC (e.g. MESMRING).

2.  (Cause #1) If you used another trusted certificate to sign the server certificate, that certificate is unknown to the ESM and needs to be imported into the database and keyring.

3.  (Cause #2) If the keyring can satisfy the signing chain via more than one path, you can also get this message.